This topic describes how to plan your environment before installing VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) on VMware vSphere with NSX integration.
Before installing VMware Tanzu Kubernetes Grid Integrated Edition on VMware vSphere with NSX integration, plan your environment as described in the following sections:
Familiarize yourself with the following VMware documentation:
Familiarize yourself with the following related documentation:
Review the following Tanzu Kubernetes Grid Integrated Edition documentation:
Tanzu Kubernetes Grid Integrated Edition on VMware vSphere with NSX requires the following component interactions:
Review the Deployment Topologies for Tanzu Kubernetes Grid Integrated Edition on VMware vSphere with NSX. The most common deployment topology is the NAT topology. Decide which deployment topology you will implement, and plan accordingly.
Before you install Tanzu Kubernetes Grid Integrated Edition on VMware vSphere with NSX, plan the CIDRs and IP blocks that you are using in your deployment.
Plan for the following network CIDRs in the IPv4 address space according to the instructions in VMware NSX documentation:
VTEP CIDRs: One or more of these networks host your GENEVE Tunnel Endpoints on your NSX Transport Nodes. Size the networks to support all of your expected Host and Edge Transport Nodes. For example, a CIDR of 192.168.1.0/24 provides 254 usable IPs.
TKGI MANAGEMENT CIDR: This small network is used to access Tanzu Kubernetes Grid Integrated Edition management components such as Ops Manager, BOSH Director, and Tanzu Kubernetes Grid Integrated Edition VMs, as well as the Harbor Registry VM if deployed. For example, a CIDR of 10.172.1.0/28 provides 14 usable IPs. For the No-NAT deployment topologies, this is a corporate routable /28 subnet. For the NAT deployment topology, this is a non-routable /28 subnet, and DNAT needs to be configured in NSX to access the Tanzu Kubernetes Grid Integrated Edition management components.
TKGI LB CIDR: This network provides your load balancing address space for each Kubernetes cluster created by Tanzu Kubernetes Grid Integrated Edition. The network also provides IP addresses for Kubernetes API access and Kubernetes exposed services. For example, 10.172.2.0/24 provides 256 usable IPs. This network is used when creating the ip-pool-vips described in Creating VMware NSX Objects for Tanzu Kubernetes Grid Integrated Edition, or when the services are deployed. You enter this network in the Floating IP Pool ID field in the Networking pane of the Tanzu Kubernetes Grid Integrated Edition tile.
When you install Tanzu Kubernetes Grid Integrated Edition on VMware NSX, you are required to specify the Pods IP Block ID and Nodes IP Block ID in the Networking pane of the Tanzu Kubernetes Grid Integrated Edition tile.
The Pods IP Block ID and Nodes IP Block ID map to the two IP blocks you must configure in VMware NSX: the Pods IP Block for Kubernetes pods, and the Nodes IP Block for Kubernetes nodes (VMs).
To configure Pods IP Block ID and Nodes IP Block ID:
For more information, see the Networking section of Installing Tanzu Kubernetes Grid Integrated Edition on VMware vSphere with NSX Integration.
Each time a Kubernetes namespace is created, a subnet from the Pods IP Block is allocated. The subnet size carved out from this block is /24, which means a maximum of 256 pods can be created per namespace.
When a Kubernetes cluster is deployed by Tanzu Kubernetes Grid Integrated Edition, by default 3 namespaces are created. Often additional namespaces will be created by operators to facilitate cluster use. As a result, when creating the Pods IP Block, you must use a CIDR range larger than /24 to ensure that NSX has enough IP addresses to allocate for all pods. The recommended size is /16. For more information, see Creating VMware NSX Objects for Tanzu Kubernetes Grid Integrated Edition.
Note: By default, Pods IP Block is a block of non-routable, private IP addresses. After you deploy Tanzu Kubernetes Grid Integrated Edition, you can define a network profile that specifies a routable IP block for your pods. The routable IP block overrides the default non-routable Pods IP Block when a Kubernetes cluster is deployed using that network profile. For more information, see Routable Pods in Using Network Profiles (VMware NSX Only).
Each Kubernetes cluster deployed by Tanzu Kubernetes Grid Integrated Edition owns a /24 subnet.
To deploy multiple Kubernetes clusters, set the Nodes IP Block ID in the Networking pane of the Tanzu Kubernetes Grid Integrated Edition tile to larger than /24. The recommended size is /16. For more information, see Creating VMware NSX Objects for Tanzu Kubernetes Grid Integrated Edition.
Note: You can use a smaller nodes block size for no-NAT environments with a limited number of routable subnets. For example, /20 allows up to 16 Kubernetes clusters to be created.
TKGI reserves several CIDR blocks and IP addresses for internal use. When deploying TKGI, do not use a reserved IP address or CIDR block.
Note: Do not use reserved IP addresses or CIDR blocks when configuring TKGI.
Reserved Address/Range | Component | Customizable | Description |
---|---|---|---|
10.100.200.0/24 | Nodes IP Block | No. | Each Kubernetes cluster uses the 10.100.200.0/24 subnet for Kubernetes services. Do not use this IP range for the Nodes IP Block. |
172.17.0.0/16 | Worker node VM | No. | containerd is installed on each Tanzu Kubernetes Grid Integrated Edition worker node and is assigned the 172.17.0.0/16 network interface. Do not use this CIDR range for any TKGI component, including Ops Manager, BOSH Director, the TKGI API VM, the TKGI DB VM, and the Harbor Registry VM. Note: This range is also reserved for the Management Console VM, but is unused. |
172.17.0.0/16 | Management Console VM | No. | The TKGI Management Console VM also reserves an unused docker0 interface on 172.17.0.0/16. This cannot be customized. |
172.18.0.0/16 | Management Console VM | Yes. See OVA configuration. | The Tanzu Kubernetes Grid Integrated Edition Management Console runs the Docker daemon and reserves 172.18.0.0/16 for the subnet. Do not use this CIDR range unless you customize it during OVA configuration. |
172.18.0.1 | Management Console VM | Yes. See OVA configuration. | The Tanzu Kubernetes Grid Integrated Edition Management Console runs the Docker daemon and reserves 172.18.0.1 for the gateway. Do not use this IP address unless you customize it during OVA configuration. |
172.20.0.0/16 | Harbor Registry VM | Yes. See Harbor tile > Networking. | The Harbor Registry requires IP blocks in the range 172.20.0.0/16. Do not use this CIDR range unless you change it in the Harbor tile configuration. |
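The sizing rules above (one /24 per namespace from the Pods IP Block, one /24 per cluster from the Nodes IP Block) and the reserved-range table can be checked before any NSX objects are created. The following script is an added example, not VMware tooling; the VTEP, management and LB values come from this topic, while the pod and node blocks in PLAN are constructed, with the node block deliberately overlapping the reserved services subnet.

```python
"""Check a planned TKGI-on-NSX CIDR layout against the reserved ranges (added example)."""
import ipaddress
from itertools import combinations

# Reserved ranges from the table in this topic; planned networks must not overlap them.
RESERVED = {
    "10.100.200.0/24": "Kubernetes services subnet inside every cluster",
    "172.17.0.0/16": "containerd / docker0 interface on worker and Management Console VMs",
    "172.18.0.0/16": "Management Console Docker subnet (customizable in OVA)",
    "172.20.0.0/16": "Harbor Registry networks (customizable in Harbor tile)",
}

def subnets_available(block: str, carve_prefix: int = 24) -> int:
    """How many /24s NSX can carve from a block: the namespace ceiling for the
    Pods IP Block and the cluster ceiling for the Nodes IP Block."""
    net = ipaddress.ip_network(block, strict=True)
    return 2 ** (carve_prefix - net.prefixlen) if net.prefixlen <= carve_prefix else 0

def reserved_conflicts(plan: dict) -> list:
    """(plan name, planned CIDR, reserved CIDR) for every overlap with a reserved range."""
    return [
        (name, cidr, reserved)
        for name, cidr in plan.items()
        for reserved in RESERVED
        if ipaddress.ip_network(cidr).overlaps(ipaddress.ip_network(reserved))
    ]

def internal_overlaps(plan: dict) -> list:
    """Pairs of planned networks that overlap each other."""
    nets = {n: ipaddress.ip_network(c) for n, c in plan.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]

# Constructed plan: VTEP, management and LB values are the ones this topic uses as
# examples; pod and node blocks are made up, and the node block is chosen to collide
# with the reserved services subnet so the check has something to report.
PLAN = {
    "vtep": "192.168.1.0/24",
    "tkgi_management": "10.172.1.0/28",
    "tkgi_lb": "10.172.2.0/24",
    "pods_ip_block": "172.16.0.0/16",
    "nodes_ip_block": "10.100.0.0/16",
}

if __name__ == "__main__":
    for name, cidr in PLAN.items():
        print(f"{name:16} {cidr:18} -> {subnets_available(cidr)} x /24")
    for name, cidr, reserved in reserved_conflicts(PLAN):
        print(f"CONFLICT: {name} {cidr} overlaps reserved {reserved} ({RESERVED[reserved]})")
    for a, b in internal_overlaps(PLAN):
        print(f"OVERLAP: {a} and {b} share address space")
```

Running it reports that a /16 yields 256 subnets and a /20 yields 16 (the cluster count this topic quotes for a /20 Nodes IP Block), and flags the node block for overlapping 10.100.200.0/24.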
To install Tanzu Kubernetes Grid Integrated Edition on vSphere with VMware NSX, you will need to know the following: